From: Mike Harrison
------------------------------------------------------
Back in June, Wes mentioned StartSSL http://www.startssl.com
as an alternative to the big SSL providers, with a very different
methodology, but good SSL certs for Apache, Linux
(and probably everything else).
Wow, what a difference. First, ignore that their website is a little dated
looking and not over-designed with bullshit adverts and add-ons. Their
founder Eddy Nigg is a nut, but the right kind of nut.
You get started by creating an SSL Client cert that gets installed in
your browser which acts as your "key" to your account and then go through
steps to verify an email address or two. The typical: they send you a
token, you paste it back into the website type of thing.
Then it gets interesting, if you want "Class 2" verification, which allows
you to create "Class 2" SSL Certificates, which are standard SSL
Certificates used for normal web SSL encryption, you have to get
confirmed that you are who you say you are. This required me to swallow
hard because they wanted scans of my Passport and Drivers License.
I checked them out for a few days online, no scam complaints... crazy
nutcases saying they trusted them... so I did it. An actual human sent
emails asking for a scan of a phone bill with my address on it.
I'm prepaid with T-Mobile, which works for me and I don't get bills.
They didn't accept the screen shots of my T-Mobile account.
This led to a couple more actual human clueful emails and they ended up
sending me, via registered mail, from Israel, a letter with a token in it
for address verification. This took a few days to receive, but I was
impressed that they were going through such steps.
Since then, I've issued wildcard and host specific SSL certs for 3
domains, including https://www.geeklabs.com (if you want to check out the SSL Cert)
I've paid them $59.90 USD so far. I feel guilty. I'm used to paying much
more to entities that have much less of a clue who is behind the
certificate request. That actual intelligent humans responded to emails
had me spinning my head around. Hence this writeup. I hope y'all consider
them for your needs also.
So far, everything I have thrown at them seems to work well. PHP, Curl,
even Java..(Gasp!)
We are starting the process for the Extended Validation Certs. They want a
lot of paperwork/proof for these, but they are less than $200 for
something Verisign dumps you into a pricing wizard to calculate a 4+ digit
number for, and probably has less idea who is behind the certificate.
Important step for something taking payments for utilities.
Issues:
Firefox does a database lookup on SSL Certs that may take hours to a day
to recognize a freshly issued/installed SSL Certificate that Chrome,
Safari and MSIE do not do by default. I'm suggesting, if this is
critical, to issue the SSL Cert on the system, but not install it for a
few hours. It works great once it is in the "OCSP" system.

===============================================================
From: James Nylen
------------------------------------------------------
Mike,
You have this on your website:
It's causing a "This page has insecure content." warning for me in Chrome.
If you change it as follows, that should be resolved:

===============================================================
From: Mike Harrison
------------------------------------------------------
James:
Thanks, there are a few other things wrong there as well.. I prefer hosting a
static version of jQuery. Actually, I'd prefer not using it at all.
But it works well with the Bootstrap CSS. The SSL on that website was an
experiment, and for accessing some things via basic auth and SSL deeper in
the site.